Computer, phone, and coffee cup on a desk. The computer screen is showing an email alert.

91% of Cyberattacks Begin with a Phishing Email


Print Friendly, PDF & Email

Research by Deloitte found that 91% of all cyberattacks begin with a phishing email (an email that looks like it’s from someone you know but is actually from criminals).

That’s how web giant Yahoo was targeted a few years ago, exposing the contents of half a billion user accounts to criminals. And though we often only hear about these high-profile cases, small and medium-sized businesses are prime targets for these attacks.

Your business email needs to be as secure as possible.

What’s the damage?

The impact of phishing attacks can vary, but the criminals have three main objectives:

  • Data theft – scammers will use ‘credential phishing’ to steal your customers’ personal information.
  • Malware – some attacks will install malicious software onto your device, which can potentially spread through your network. This could include spyware, which can log your keystrokes and track you online, or ransomware, which encrypts your data and demands a ransom to get it back.
  • Wire transfer fraud – CEO fraud and Business Email Compromise (BEC) attacks, in particular, attempt to persuade a target to transfer money to an account controlled by the attacker.

It’s a people problem

All email attacks rely on someone in your business falling for the con. So, it’s important to create a culture of security within your business to reduce the chances that a ‘social engineering attack’ – a scam that convinces someone to act – will succeed.

  • Everyone should know what to look out for and what to do if they think an incident has occurred. This includes who to report it to and what immediate action to take.
  • Have an email use policy that describes how your people should use their business email accounts and the importance of following the rules.
  • And consider putting your team to the test from time to time, maybe by simulating a phishing attack or holding refresher sessions where you quiz them on their knowledge.

Failure to make your whole team aware of the importance of good cybersecurity can be a costly mistake.

How we can help

Staff training will be one of the strongest tools in your arsenal, but we can also help by putting technical measures in place to lessen the chances of an attack and to reduce the impact if it does happen.

We can create a gateway to block or quarantine suspicious emails, scanning incoming and outgoing emails for malicious content. We can install software to help protect you from email spoofing and your email being used in BEC attacks, phishing scams, and spam emails.

And we can deploy end-to-end encryption, which stops anyone from reading the content of your email unless they have the correct encryption key. That means your email is only ever received by the intended person, and data can’t be tampered with.

It’s a lot to think about, but email attacks are one of the biggest security threats to businesses. They need to be taken seriously.

So, if you need expert support or are worried that making these changes might cause disruption, get in touch. We do this every day.

Information used in this article was provided by our partners at MSP Marketing Edge.

Want To Learn More?

Connect with one of our professionals today.